Google's TAG observes spike in state-backed hacking, points out Iranian group APT35

Google Threat Analysis Group (TAG) has tracked a spike in government-backed hacking this year. As per the data released in the blog post, Google said that so far in 2021, it has sent more than 50,000 warnings of phishing and malware attacks to account holders. The count has gone up by 33% from what was recorded around the same time last year.

On a single day, TAG trackers have observed more than 270 targeted or government-backed groups spread over 50 countries, Google said in a statement. "We have a long-standing policy to send you a warning if we detect that your account is a target of government-backed phishing or malware attempts," the blog post added.

Google disrupts Iranian hacking group on multiple occasions

While the 33% rise was attributed to "blocking an unusually large campaign" from the Russian hacking group known as APT 28 or Fancy Bear, Google has observed more targetted abuse from Iranian state-backed Hacker group APT35 or Charming Kitten. The group regularly launches phishing campaigns focussing on high-risk users, for example, the one during the 2020 US election on campaign staffers, Ajax Bash from Google TAG said, as per The Guardian. "For years, this group has hijacked accounts, deployed malware, and used novel techniques to conduct espionage aligned with the interests of the Iranian government," Google said.

Earlier this year, Google countered a malware attack launched by the Charming Kitten on a website attributed to the UK University. They compromised a website to 'host' a tried and tested 'phishing kit.' "Attackers sent email messages with links to this website to harvest credentials for platforms such as Gmail, Hotmail, and Yahoo. Users were instructed to activate an invitation to a (fake) webinar by logging in. The phishing kit will also ask for second-factor authentication codes sent to devices," TAG trackers explained as per the blog post.

It is to be noted that this Iranian group of hackers are not an overachiever since they have mostly relied on the 2017 method of 'credential phishing through a compromised website.' However, their success rate has spiked due to the difficulty for users to identify this kind of attack. Google also meticulously stated its battle against malicious online propaganda from APT35 and many more. TAG is aimed to identify unsafe websites and raise awareness about potential harm, Google said.

Image: Unsplash/Shutterstock